SonarLint for Eclipse v5.8.1 released - Taint vulnerabilities in the IDE

I am pleased to announce this new version of SonarLint for Eclipse.
With this version, we add the possibility to investigate and fix taint vulnerabilities detected by SonarQube or SonarCloud directly in the IDE.

Taint vulnerabilities are security vulnerabilities where attacker-controlled data is passed unsanitized from an input source to a sensitive sink.
Although taint vulnerabilities are not detected by SonarLint in the local code (they are only detected by SonarQube or SonarCloud), developers are now able, thanks to SonarLint, to review the whole injection flow in the IDE, from the source to the sink.
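To make the source-to-sink idea concrete, here is an added example (not SonarLint or SonarQube code) of minimal runtime taint tracking: a value read from a request is marked as tainted, the mark survives string concatenation, and a simulated SQL sink refuses a tainted query string. The names `request_param`, `execute_sql`, `Tainted` and the lookup functions are hypothetical; the fixed version binds the untrusted value as a query parameter instead of pasting it into the query text.

```python
"""Minimal runtime taint tracking (illustration only; SonarQube does this
statically over the whole code base, this just shows the concept)."""


class Tainted(str):
    """A str that remembers it came from an attacker-controlled source.
    Only concatenation is tracked here; f-strings would drop the mark."""

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


class TaintError(Exception):
    """Raised when unsanitized attacker-controlled data reaches a sink."""


def request_param(params, name):
    """Source: anything read from the HTTP request is attacker-controlled."""
    return Tainted(params.get(name, ""))


def execute_sql(query, params=()):
    """Sink: the query text is parsed as SQL, so it must be trusted.
    Bound parameters never reach the SQL parser, so they may be tainted."""
    if isinstance(query, Tainted):
        raise TaintError("attacker-controlled data reached the SQL sink unsanitized")
    return (query, tuple(params))


def lookup_user_vulnerable(params):
    """Injection flow: source -> concatenation -> sink, no sanitization."""
    name = request_param(params, "user")
    return execute_sql("SELECT * FROM users WHERE name = '" + name + "'")


def lookup_user_fixed(params):
    """Fixed flow: the tainted value is bound as a parameter, the query
    text itself stays a trusted constant."""
    name = request_param(params, "user")
    return execute_sql("SELECT * FROM users WHERE name = ?", (name,))


def sink_rejects(fn, params):
    """True if the sink refused the flow built by fn(params)."""
    try:
        fn(params)
    except TaintError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample request; the quote is a typical marker an analyzer flags.
    sample = {"user": "o'brien"}
    print("vulnerable rejected:", sink_rejects(lookup_user_vulnerable, sample))
    print("fixed result:", lookup_user_fixed(sample))
```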

As with other code quality and security issues, our rule documentation will help you understand what is wrong and how you can get it fixed.

All you need to do is update SonarLint and make sure your project is bound to SonarCloud or SonarQube (version 8.6 or later required).

And speaking of security, this new version brings new security rules (2 for Java, 2 for Python) that are part of the OWASP Top 10 and CWE Top 25.

You can find the full release notes here (5.8 version) and here (5.8.1 bugfix version).